<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第38期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第38期）</strong></h5>
<blockquote> 2014/11/17-2014/11/23</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>某cms程序SQL注入(demo测试)<br><a target="_blank" href="http://www.shellsec.com/tech/187619.html">http://www.shellsec.com/tech/187619.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>安全科普：什么是暴力破解攻击？如何检测和防御？<br><a target="_blank" href="http://www.freebuf.com/news/special/52361.html">http://www.freebuf.com/news/special/52361.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Exploit搜索工具 – Pompem<br><a target="_blank" href="http://www.freebuf.com/tools/51796.html">http://www.freebuf.com/tools/51796.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>PHP应用安全静态代码分析工具 – WAP 2.0<br><a target="_blank" href="http://www.freebuf.com/tools/52333.html">http://www.freebuf.com/tools/52333.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一种自动化检测 Flash 中 XSS 方法的探讨<br><a target="_blank" href="http://www.91ri.org/11464.html">http://www.91ri.org/11464.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP Execute Command Bypass Disable_functions<br><a target="_blank" href="http://www.91ri.org/11321.html">http://www.91ri.org/11321.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>MITMf:中间人攻击框架<br><a target="_blank" href="http://www.91ri.org/10918.html">http://www.91ri.org/10918.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>.NET远程代码执行（MS14-026/CVE-2014-1806）<br><a target="_blank" href="http://www.91ri.org/11461.html">http://www.91ri.org/11461.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>域控制器的用户尽快升级MS14-068补丁<br><a target="_blank" href="http://blog.sina.com.cn/s/blog_e8e60bc00102v9k7.html">http://blog.sina.com.cn/s/blog_e8e60bc00102v9k7.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>在遭中国黑客攻击之后Google与NSA结盟<br><a target="_blank" href="http://www.solidot.org/story?sid=41905">http://www.solidot.org/story?sid=41905</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一周海外安全事件回顾（11.03-11.15）：黑暗网络的坠落<br><a target="_blank" href="http://www.freebuf.com/news/51974.html">http://www.freebuf.com/news/51974.html</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>品味袁哥的DVE神韵<br><a target="_blank" href="http://hi.baidu.com/xiyanggif/item/a386a123e1e6de92b73263ca">http://hi.baidu.com/xiyanggif/item/a386a123e1e6de92b73263ca</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>ModSecurity 晋级-如何调用lua脚本进行防御快速入门<br><a target="_blank" href="http://danqingdani.blog.163.com/blog/static/1860941952014101862337903/">http://danqingdani.blog.163.com/blog/static/1860941952014101862337903/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IE浏览器Fuzzing技术<br><a target="_blank" href="http://hitcon.org/2014/downloads/P1_06_Chen%20Zhang%20-%20Smashing%20The%20Browser%20-%20From%20Vulnerability%20Discovery%20To%20Exploit.pdf">http://hitcon.org/2014/downloads/P1_06_Chen%20Zhang%20-%20Smashing%20The%20Browser%20-%20From%20Vulnerability%20Discovery%20To%20Exploit.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IE浏览器“神洞”CVE-2014-6332已经被用作定向攻击<br><a target="_blank" href="http://blog.vulnhunt.com/index.php/2014/11/18/cve-2014-6332-used-in-targeted-attack/">http://blog.vulnhunt.com/index.php/2014/11/18/cve-2014-6332-used-in-targeted-attack/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>安卓Bug 17356824 BroadcastAnywhere漏洞分析 <br><a target="_blank" href="http://drops.wooyun.org/papers/3912">http://drops.wooyun.org/papers/3912</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>安全科普：你的密码在谁的手里？<br><a target="_blank" href="http://www.freebuf.com/news/special/52234.html">http://www.freebuf.com/news/special/52234.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>震网病毒Stuxnet之子 – Duqu的现身<br><a target="_blank" href="http://www.freebuf.com/news/52249.html">http://www.freebuf.com/news/52249.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>漏洞预警：.NET远程代码执行漏洞（含EXP）<br><a target="_blank" href="http://www.freebuf.com/vuls/51981.html">http://www.freebuf.com/vuls/51981.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>沙虫漏洞（CVE-2014-4114）利用测试方法<br><a target="_blank" href="http://www.freebuf.com/vuls/51735.html">http://www.freebuf.com/vuls/51735.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>战斗之旅——SSCTF（一）<br><a target="_blank" href="http://www.91ri.org/11349.html">http://www.91ri.org/11349.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>勒索软件CoinVault：拿钱来，给你一个恢复文件的机会<br><a target="_blank" href="http://www.freebuf.com/news/51899.html">http://www.freebuf.com/news/51899.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2014-1767_Afd.sys_double-free_漏洞分析与利用<br><a target="_blank" href="http://bbs.pediy.com/showthread.php?p=1331045#post1331045">http://bbs.pediy.com/showthread.php?p=1331045#post1331045</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>2014中华架构师大会PPT<br><a target="_blank" href="http://vdisk.weibo.com/s/A2SbHmu4fAWi/1416472883">http://vdisk.weibo.com/s/A2SbHmu4fAWi/1416472883</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Zero Day Initiative<br><a target="_blank" href="http://www.zerodayinitiative.com/advisories/published/?nsukey=H3ybxI6z8vYpfXCHC7ZctZZ5WVg4BD1C0trgyAOTHU34SON%2Bfg%2FV3xdn9v95hZJGkmOFBybUHYsWQarBfBtCfQ%3D%3D">http://www.zerodayinitiative.com/advisories/published/?nsukey=H3ybxI6z8vYpfXCHC7ZctZZ5WVg4BD1C0trgyAOTHU34SON%2Bfg%2FV3xdn9v95hZJGkmOFBybUHYsWQarBfBtCfQ%3D%3D</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XML实体攻击-从内网探测到命令执行步步惊心<br><a target="_blank" href="http://bobao.360.cn/course/detail/95.html">http://bobao.360.cn/course/detail/95.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>安全研究进阶_yuange1975<br><a target="_blank" href="http://blog.sina.com.cn/s/blog_85e506df0102v9o8.html">http://blog.sina.com.cn/s/blog_85e506df0102v9o8.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WEB调试工具---Firebug<br><a target="_blank" href="http://www.imooc.com/view/137?utm_source=jobboleweibo">http://www.imooc.com/view/137?utm_source=jobboleweibo</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>免费开源相册Piwigo &lt;= v2.6.0 SQL注入漏洞（0day）<br><a target="_blank" href="http://www.freebuf.com/vuls/51401.html">http://www.freebuf.com/vuls/51401.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>使用Pfsense+Snorby构建入侵检测系统<br><a target="_blank" href="http://www.freebuf.com/articles/network/51473.html">http://www.freebuf.com/articles/network/51473.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Pfsense和Snorby<br><a target="_blank" href="http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/3874">http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/3874</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> 博客安全:如何为WordPress做安全防护？<br><a target="_blank" href="http://www.freebuf.com/articles/web/49210.html">http://www.freebuf.com/articles/web/49210.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>战斗之旅——SSCTF（二）<br><a target="_blank" href="http://www.91ri.org/11390.html">http://www.91ri.org/11390.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>开源跳板机(堡垒机)Jumpserver<br><a target="_blank" href="http://laoguang.blog.51cto.com/6013350/1576502">http://laoguang.blog.51cto.com/6013350/1576502</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Trigger the ms14-066<br><a target="_blank" href="http://blog.beyondtrust.com/triggering-ms14-066">http://blog.beyondtrust.com/triggering-ms14-066</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>小窥杀软主防+某杀软反注入exp<br><a target="_blank" href="http://bbs.pediy.com/showthread.php?p=1332925#post1332925">http://bbs.pediy.com/showthread.php?p=1332925#post1332925</a></div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>一些Malware、Virus、Worm相关的文档和电子书<br><a target="_blank" href="http://m.weibo.cn/1684840802/3778153060791056/weixin?sourceType=weixin&amp;from=1046295010&amp;wm=5091_0008">http://m.weibo.cn/1684840802/3778153060791056/weixin?sourceType=weixin&amp;from=1046295010&amp;wm=5091_0008</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Pullcore-永久免费的新闻标题核心词提取API<br><a target="_blank" href="http://pullcore.com/">http://pullcore.com/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于重复发包的防护与绕过 <br><a target="_blank" href="http://drops.wooyun.org/web/3910">http://drops.wooyun.org/web/3910</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP WDDX Serializier Data Injection Vulnerability<br><a target="_blank" href="http://drops.wooyun.org/tips/3911">http://drops.wooyun.org/tips/3911</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Deobfuscation and beyond (ZeroNights, 2014)<br><a target="_blank" href="http://www.slideshare.net/ReCrypt/deobfuscation-and-beyond">http://www.slideshare.net/ReCrypt/deobfuscation-and-beyond</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Win95+IE3 – Win10+IE11全版本执行漏洞（含POC）<br><a target="_blank" href="http://www.freebuf.com/articles/system/51501.html">http://www.freebuf.com/articles/system/51501.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>爬虫技术浅析<br><a target="_blank" href="http://drops.wooyun.org/tips/3915">http://drops.wooyun.org/tips/3915</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Mongodb注入攻击 <br><a target="_blank" href="http://drops.wooyun.org/tips/3939">http://drops.wooyun.org/tips/3939</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Smashing_The_Browser<br><a target="_blank" href="https://github.com/demi6od/Smashing_The_Browser">https://github.com/demi6od/Smashing_The_Browser</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP Execute Command Bypass Disable_functions With Shellshock<br><a target="_blank" href="http://www.secpulse.com/archives/2300.html">http://www.secpulse.com/archives/2300.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>2014 WOT全球软件技术峰会PPT<br><a target="_blank" href="http://down.51cto.com/zt/6814/1">http://down.51cto.com/zt/6814/1</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP绕过open_basedir列目录的研究<br><a target="_blank" href="http://drops.wooyun.org/tips/3978">http://drops.wooyun.org/tips/3978</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>IRMA在线分析系统<br><a target="_blank" href="http://irma.quarkslab.com/">http://irma.quarkslab.com/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2014-6332 ie漏洞利用分析<br><a target="_blank" href="http://xteam.baidu.com/?p=104">http://xteam.baidu.com/?p=104</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>火眼实验室MSDN脚本使用<br><a target="_blank" href="http://blog.depressedmarvin.com/blog/2014/11/18/msdn-annotations-ida-pro/">http://blog.depressedmarvin.com/blog/2014/11/18/msdn-annotations-ida-pro/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>IOS假面攻击<br><a target="_blank" href="http://bobao.360.cn/news/detail/810.html?preview=1">http://bobao.360.cn/news/detail/810.html?preview=1</a></div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>Data Mining in Social Science<br><a target="_blank" href="http://lingfeiw.gitbooks.io/data-mining-in-social-science/">http://lingfeiw.gitbooks.io/data-mining-in-social-science/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSLStrip 终极版：Location 瞒天过海<br><a target="_blank" href="http://www.freebuf.com/articles/web/50771.html">http://www.freebuf.com/articles/web/50771.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>APT事件技术文档索引库<br><a target="_blank" href="http://git.oschina.net/superme/APTnotes">http://git.oschina.net/superme/APTnotes</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Debugging and reverse engineering: Stuxnet<br><a target="_blank" href="http://bsodanalysis.blogspot.sg/2014/11/stuxnet-kernel-analysis.html">http://bsodanalysis.blogspot.sg/2014/11/stuxnet-kernel-analysis.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span> IE远程代码执行漏洞（CVE-2014-6332）利用测试方法<br><a target="_blank" href="http://www.freebuf.com/vuls/51628.html">http://www.freebuf.com/vuls/51628.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Radare - Forensic Android Tool<br><a target="_blank" href="http://www.radare.org/y/?p=download">http://www.radare.org/y/?p=download</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Optimizing Disk IO and Memory for Big Data Vector Analysis<br><a target="_blank" href="http://blogs.teradata.com/data-points/optimizing-disk-io-and-memory-for-big-data-vector-analysis/">http://blogs.teradata.com/data-points/optimizing-disk-io-and-memory-for-big-data-vector-analysis/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>XCTF HCTF Reverse Writeup<br><a target="_blank" href="http://www.programlife.net/xctf-hctf-reverse-writeup.html">http://www.programlife.net/xctf-hctf-reverse-writeup.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>老掉牙的12306根证书问题可导致中间人攻击<br><a target="_blank" href="http://www.wooyun.org/bugs/wooyun-2014-082725">http://www.wooyun.org/bugs/wooyun-2014-082725</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2014-0569漏洞分析<br><a target="_blank" href="http://weibo.com/p/1001603769606924861349?u=http%3A%2F%2Ft.cn%2FR7JT2kU&amp;ep=BtcNexjTX%2C1874932054%2CBtcNexjTX%2C1874932054&amp;wm=5091_0008&amp;sourceType=weixin&amp;from=1046295010&amp;ext=sourceType%3Aweixin&amp;featurecode=20000180&amp;oid=3778056844143251&amp;rl=1&amp;luicode=2">http://weibo.com/p/1001603769606924861349?u=http%3A%2F%2Ft.cn%2FR7JT2kU&amp;ep=BtcNexjTX%2C1874932054%2CBtcNexjTX%2C1874932054&amp;wm=5091_0008&amp;sourceType=weixin&amp;from=1046295010&amp;ext=sourceType%3Aweixin&amp;featurecode=20000180&amp;oid=3778056844143251&amp;rl=1&amp;luicode=2</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>建立个人知识体系<br><a target="_blank" href="http://www.lishen.me/archives/528">http://www.lishen.me/archives/528</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>chm文件执行任意代码<br><a target="_blank" href="http://xiaonieblog.com/?post=128">http://xiaonieblog.com/?post=128</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WAF的实现<br><a target="_blank" href="http://danqingdani.blog.163.com/blog/static/1860941952014101723845500/">http://danqingdani.blog.163.com/blog/static/1860941952014101723845500/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP Execute Command Bypass Disable_functions<br><a target="_blank" href="http://zone.wooyun.org/content/16631">http://zone.wooyun.org/content/16631</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>pyspider介绍<br><a target="_blank" href="http://blog.binux.me/2014/11/introduction-to-pyspider/">http://blog.binux.me/2014/11/introduction-to-pyspider/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Static-DOM-XSS-Scanner<br><a target="_blank" href="https://github.com/ajinabraham/Static-DOM-XSS-Scanner">https://github.com/ajinabraham/Static-DOM-XSS-Scanner</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Google与NSA（美国国安局）结盟，共同对抗黑客<br><a target="_blank" href="http://www.freebuf.com/news/51956.html">http://www.freebuf.com/news/51956.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP Session 序列化及反序列化处理器设置使用不当带来的安全隐患<br><a target="_blank" href="http://drops.wooyun.org/tips/3909">http://drops.wooyun.org/tips/3909</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>社会信息学2014巴塞罗那会议报告<br><a target="_blank" href="http://www.jianshu.com/p/81075168240e">http://www.jianshu.com/p/81075168240e</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>不只是搜索引擎：10个鲜为人知谷歌搜索功能<br><a target="_blank" href="http://www.shellsec.com/tech/187536.html">http://www.shellsec.com/tech/187536.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>捣毁Tor网络黑市：400个匿名站点被关，丝绸之路2.0经营者被捕<br><a target="_blank" href="http://www.freebuf.com/news/50903.html">http://www.freebuf.com/news/50903.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability<br><a target="_blank" href="http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php?nsukey=9s%2BGDLjFM2hq51rKHzOfJbHEZ6vfVkIcD4bFMXkcMfYm2msBPSzpn5ErG7MIq6Ljh8F3jSt7ksTOZu6wm6VbMA%3D%3D">http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php?nsukey=9s%2BGDLjFM2hq51rKHzOfJbHEZ6vfVkIcD4bFMXkcMfYm2msBPSzpn5ErG7MIq6Ljh8F3jSt7ksTOZu6wm6VbMA%3D%3D</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android Hacking and Security, Part 13: Introduction to Drozer<br><a target="_blank" href="http://resources.infosecinstitute.com/android-hacking-security-part-13-introduction-drozer/">http://resources.infosecinstitute.com/android-hacking-security-part-13-introduction-drozer/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>NoSuchCon 2014 大会资料<br><a target="_blank" href="http://www.nosuchcon.org/talks/2014/">http://www.nosuchcon.org/talks/2014/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>远程工作资料<br><a target="_blank" href="https://github.com/greatghoul/remote-working">https://github.com/greatghoul/remote-working</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>程序员与黑客<br><a target="_blank" href="http://mdslide.sinaapp.com/infoq.php?count=52&amp;prefix=yuxian&amp;title=%E7%A8%8B%E5%BA%8F%E5%91%98%E4%B8%8E%E9%BB%91%E5%AE%A2&amp;from=timeline&amp;isappinstalled=0#/">http://mdslide.sinaapp.com/infoq.php?count=52&amp;prefix=yuxian&amp;title=%E7%A8%8B%E5%BA%8F%E5%91%98%E4%B8%8E%E9%BB%91%E5%AE%A2&amp;from=timeline&amp;isappinstalled=0#/</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/38">SecWiki周刊(第38期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
